Data Entry Front Desk

Location:
Washington, DC
Posted:
July 21, 2022

Resume:

ISAAC ABRAHAM

BOWIE MD *****

Tel:202-***-**** • Email: adrtxa@r.postjobfree.com

IT SECURITY CONTROL ASSESSOR / IT AUDITOR

PROFESSIONAL SUMMARY

A Security Control Assessor (SCA) and IT Auditor entrusted with managing complex and multi-system application control, COBIT, HIPAA, PCI DSS, SOX, NIST, SSAE 18, and audit projects affecting a large number of users nationwide, with a reputation for adept leadership of business-to-IT workflow analysis, walkthroughs, and testing relating to Information Technology General Controls (ITGCs).

KEY SKILLS

•IT General & Application Controls

•Security Control Assessor (SCA)

•Wireless telecommunications

•SOX 404

•Internal Audit Co-Sourcing Engagement

•Problem solving skills

•Computer skills: Microsoft Office (Word, Excel, Outlook, and PowerPoint)

•Business Process Walkthroughs & Automated Controls Review

•Asset Safeguards & Change Management

EDUCATION & CERTIFICATIONS

•University of Lagos, Lagos, Nigeria- BSc in Mass Communication

•CompTIA Security+

•CompTIA Cybersecurity Analyst (CySA+)

•ISACA Certified Information Systems Auditor (CISA) in view

•ISC2 Certified Authorization Professional (CAP) – in view

PROFESSIONAL EXPERIENCE

RISK AND COMPLIANCE ANALYST

SLEKS TECHNOLOGY SERVICES, MCLEAN, VA MAY 2019- PRESENT

•Conduct client interviews to determine the security posture of the systems in scope, and assist in the completion of the Security Assessment Plan using NIST SP 800-53A

•Perform security control assessor (SCA) role as part of the Assessment and Authorization process to include analysis requirements, reviewing, reporting, and documentation.

•Conduct security control assessments based on NIST SP 800-53 Rev. 4, and NIST 800-37 Rev.1

•Perform security risk management review to validate that security risks have been identified and mitigated using AWS application.

•Perform reviews and updates to information security standards based on emerging risks/threats, regulatory requirements, and business needs, as directed.

•Develop and maintain a thorough understanding of Information Security industry standards/trends, best practices, processes, and technology; communicate information to team members as appropriate.

•Work with ISSO, AO and other security teams to assess the selected security controls to determine the weaknesses and produce Requirements Traceability Matrix (RTM) and to ensure that all findings are reported in our SAR.

•Review security documents such as the System Security Plans (SSP), Contingency Plans (CP), Privacy Impact Assessments (PIA), and Risk Assessment (RA) documents per NIST 800 guidelines for various agencies as part of the assessment process.

•Assist with development of Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&M)

•Evaluate Authorization packages and make recommendations to the AO for authorization

•Serve as a key member of the company’s Information Security Compliance Program by supporting ongoing compliance activities and monitoring efforts across different Regulations and GRC Standards (SOX, SOC, GDPR, PCI, AML, KYC, FedRAMP, ISO, others) as applicable.

•Assist in configuring AWS multi-factor authentication in IAM to implement two-step authentication of users’ access using Google and AWS MFA.

•Gather data and produce and share reports on the qualitative and quantitative analysis. Propose suggestions to improve the effects of policies.

•Assisted with communicating overall cybersecurity strategies, policies, processes, and procedures.

•Briefed upper management with status on policy issues and presented recommendations and alternatives.

•Evaluate security assessment documentation and provide written recommendations for security authorization to the Government

IT COMPLIANCE ANALYST/ AUDITOR (JANUARY 2016 – MAY 2019)

UNICORN CONSULTING, MD

•Responsible for the execution and delivery of IT and business process audits to ensure business risks are recognized and appropriately mitigated before the company is adversely affected.

•Participated in integrated audits - carried out ITGC testing in support of financial statements audits.

•Reviewed documentation of clients' internal controls.

•Performed Access control, Change Management control, IT Operations Control, and IT application controls.

•Identified deficiencies in the design and operating effectiveness of controls and provided recommendations.

•Supported clients with audit readiness initiatives.

•Evaluated Information Technology General Controls (ITGCs) and IT Application Controls using COBIT Frameworks.

•Performed audit of IT general and application controls, information security, change management, business continuity, disaster recovery and computer operations.

•Participated in the review of management's self-identified risks and controls gaps.

•Reviewed attestation engagement SSAE 18, SOC 1, II, III reports and addressed both qualified and unqualified opinion reports.

•Ensured the strict compliance and adherence of IT policies and controls for all users in the organization

•Worked as a liaison between external auditors and the Internal Audit Department.

•Reviewed risk assessments

•Analyzed business contingency plan, based on emerging security threats, vulnerabilities, and risks

•Contributed to the development and maintenance of the information security policies and standards

•Assisted IT control owners in the creation and maintenance of IT policies and procedures to support information assurance and regulatory compliance activities, by providing input on control objectives and activities.

•Gathered and interpreted audit evidence and provided effective documentation

•Conducted Business Impact Analysis (BIA) to analyze mission-critical business functions and identify and quantify the impact of those functions if they are lost (e.g., operational, financial).

•Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard

FRONT DESK/ADMINISTRATIVE ASSISTANT FEBRUARY 2011 – DECEMBER 2016

VIZION ONE HEALTHCARE LLC

•Managed database and prepared a variety of reports and materials as needed

•Maintained up-to-date client information records to include data entry and filing.

•Prepared and sent claims out to insurance companies.

•Retrieved source files and work from the data center each day.

•Used data entry equipment to record assigned data.

•Resolved minor processing problems; sought assistance from supervisor or other appropriate staff for issues beyond immediate expertise.

•Maintained confidentiality of sensitive information.

•Performed other related duties as assigned

•Ensured customer satisfaction and ultimately responsible for the day to day running and administration of the retail store by ensuring all the company policies, rules, procedures, and standards were followed.

•Managed inventory to always ensure stock availability; prepared daily, weekly, monthly, and quarterly stock and sales reports; ensured daily stock reconciliation and timely stock replenishments.

PROFESSIONAL ASSOCIATION

•The Computing Technology Industry Association (CompTIA)

•The International Information System Security Certification Consortium (ISC)²

•The Information Systems Audit and Control Association (ISACA)
